Passwords are becoming increasingly easy to compromise. Passwords can be stolen, guessed, or hacked. One form of authentication that has seen a rise is two-factor authentication (TFA), which uses a secondary device such as a phone to provide an additional factor of authentication. Integrating such a tool into an application, however, can be challenging. For some service providers, building a TFA system is outside of the service provider's core competency. In some cases, an outside TFA service can be used. This solution can expose a secondary service to the user that provides the TFA as a service, but this can be disruptive to users of the primary service or application. Introducing a third party TFA application may additionally be undesirable by the service provider. Thus, there is a need in the authentication and authorization field to create a new and useful system and method for integrating two-factor authentication in a device. This invention provides such a new and useful system and method.